From: Philippe Mikoyan
To: akpm@linux-foundation.org
Cc: viro@zeniv.linux.org.uk, manfred@colorfullife.com, linux-kernel@vger.kernel.org, edgar.kaziakhmedov@virtuozzo.com, philippe.mikoyan@skat.systems
Subject: [PATCH 1/2] ipc/shm: Fix shm_nattch incorrect value
Date: Thu, 30 Nov 2017 09:12:23 +0300
Message-Id: <20171130061224.25466-2-philippe.mikoyan@skat.systems>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20171130061224.25466-1-philippe.mikoyan@skat.systems>
References: <20171130061224.25466-1-philippe.mikoyan@skat.systems>
X-Mailing-List: linux-kernel@vger.kernel.org

This patch fixes that do_shmat increases shm_nattch value twice. E.g. if memory segment was created just now and process attaches it, shmctl(..IPC_STAT..) of concurrently running process can at some point of time return data structure with 'shm_nattch' equal to 2.

Signed-off-by: Philippe Mikoyan
Signed-off-by: Edgar Kaziakhmedov
---
 ipc/shm.c | 58 +++++++++++++++++++++++++++-------------------------------
 1 file changed, 27 insertions(+), 31 deletions(-)

diff --git a/ipc/shm.c b/ipc/shm.c index badac463e2c8..565f17925128 100644 --- a/ipc/shm.c +++ b/ipc/shm.c
@@ -190,33 +190,31 @@ static inline void shm_rmid(struct ipc_namespace *ns, struct shmid_kernel *s) ipc_rmid(&shm_ids(ns), &s->shm_perm); } - -static int __shm_open(struct vm_area_struct *vma) -{ - struct file *file = vma->vm_file; - struct shm_file_data *sfd = shm_file_data(file); - struct shmid_kernel *shp; - - shp = shm_lock(sfd->ns, sfd->id); - - if (IS_ERR(shp)) - return PTR_ERR(shp); - - shp->shm_atim = ktime_get_real_seconds(); - shp->shm_lprid = task_tgid_vnr(current); - shp->shm_nattch++; - shm_unlock(shp); - return 0; -} - /* This is called by fork, once for every shm attach. */ static void shm_open(struct vm_area_struct *vma) { - int err = __shm_open(vma); + struct file *file = vma->vm_file; + struct shm_file_data *sfd = shm_file_data(file); + struct shmid_kernel *shp; + int err = 0; + + shp = shm_lock(sfd->ns, sfd->id); + + if (IS_ERR(shp)) { + err = PTR_ERR(shp); + goto warn; + } + + shp->shm_atim = ktime_get_real_seconds(); + shp->shm_lprid = task_tgid_vnr(current); + shp->shm_nattch++; + shm_unlock(shp); + /* * We raced in the idr lookup or with shm_destroy(). * Either way, the ID is busted. */ +warn: WARN_ON_ONCE(err); } @@ -418,19 +416,10 @@ static int shm_mmap(struct file *file, struct vm_area_struct *vma) struct shm_file_data *sfd = shm_file_data(file); int ret; - /* - * In case of remap_file_pages() emulation, the file can represent - * removed IPC ID: propogate shm_lock() error to caller. - */ - ret = __shm_open(vma); - if (ret) - return ret; - ret = call_mmap(sfd->file, vma); - if (ret) { - shm_close(vma); + if (ret) return ret; - } + sfd->vm_ops = vma->vm_ops; #ifdef CONFIG_MMU WARN_ON(!sfd->vm_ops->fault); @@ -944,6 +933,7 @@ static int shmctl_stat(struct ipc_namespace *ns, int shmid, tbuf->shm_cpid = shp->shm_cprid; tbuf->shm_lpid = shp->shm_lprid; tbuf->shm_nattch = shp->shm_nattch; + rcu_read_unlock(); return result; 
@@ -1351,7 +1341,11 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, path = shp->shm_file->f_path; path_get(&path); + + shp->shm_atim = ktime_get_real_seconds(); + shp->shm_lprid = task_tgid_vnr(current); shp->shm_nattch++; + size = i_size_read(d_inode(path.dentry)); ipc_unlock_object(&shp->shm_perm); rcu_read_unlock(); @@ -1411,6 +1405,8 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, out_fput: fput(file); + if (!err) + goto out; out_nattch: down_write(&shm_ids(ns).rwsem); -- 2.11.0
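
Review bot: in the shm_open() hunk (@@ -190,33 +190,31 @@), `int err = 0` plus `goto warn` is more machinery than a void function with a single failure case needs, and the "We raced in the idr lookup or with shm_destroy()" comment now sits between shm_unlock() and the `warn:` label, detached from the branch it explains. Consider handling the failure in place, for example `if (IS_ERR(shp)) { WARN_ON_ONCE(1); return; }`, with the comment moved into that branch.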
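
Review bot: the shm_mmap() hunk (@@ -418,19 +416,10 @@) drops the shm_lock() lookup together with the comment that justified it, so a caller that reaches shm_mmap() on a file whose IPC ID has been removed (the remap_file_pages() emulation case named in the deleted comment) no longer gets an error back, and the mapping it creates is not counted in shm_nattch at mmap time, because the patch leaves the attach-time increment only in do_shmat(). The changelog does not say how that path is covered after the change; either keep an ID validity check here or explain why shm_mmap() can only be reached through do_shmat().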
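
Review bot: the shmctl_stat() hunk (@@ -944,6 +933,7 @@) only adds a blank line before rcu_read_unlock(), which is unrelated to the shm_nattch fix; drop it so the diff stays limited to the behaviour change.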
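
Review bot: in the first do_shmat() hunk (@@ -1351,7 +1341,11 @@), shm_atim and shm_lprid are now written next to `shp->shm_nattch++`, ahead of the remainder of the attach path, so an attach that fails later and goes through the out_nattch cleanup still leaves a new attach time and last pid on the segment. Consider updating them only once the attach has succeeded, or state in the changelog that recording failed attempts is intended.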
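
Review bot: in the second do_shmat() hunk (@@ -1411,6 +1405,8 @@), `if (!err) goto out;` makes the success path jump over out_nattch, which until now was reached by fall-through from out_fput, and nothing in the code says why. Add a short comment that on success the shm_nattch count taken earlier is deliberately kept as the attach count, and confirm that err is 0 at out_fput only when the attach actually succeeded.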